SUSE-SU-2016:1351-1: moderate: Security update for systemd

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed May 18 11:14:14 MDT 2016 

   SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1351-1
Rating:             moderate
References:         #959886 #960158 #963230 #965897 #967122 #970423 
                    #970860 #972612 #972727 #973848 #976766 #978275 
                    
Cross-References:   CVE-2014-9770 CVE-2015-8842
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves two vulnerabilities and has 10 fixes
   is now available.

Description:


   This update for SystemD provides fixes and enhancements.

   The following security issue has been fixed:

   - Don't allow read access to journal files to users. (bsc#972612,
     CVE-2014-9770, CVE-2015-8842)

   The following non-security issues have been fixed:

   - Restore initrd-udevadm-cleanup-db.service. (bsc#978275, bsc#976766)
   - Incorrect permissions set after boot on journal files. (bsc#973848)
   - Exclude device-mapper from block device ownership event locking.
     (bsc#972727)
   - Explicitly set mode for /run/log.
   - Don't apply sgid and executable bit to journal files, only the
     directories they are contained in.
   - Add ability to mask access mode by pre-existing access mode on
     files/directories.
   - No need to pass --all if inactive is explicitly requested in list-units.
     (bsc#967122)
   - Fix automount option and don't start associated mount unit at boot.
     (bsc#970423)
   - Support more than just power-gpio-key. (fate#318444, bsc#970860)
   - Add standard gpio power button support. (fate#318444, bsc#970860)
   - Downgrade warnings about wanted unit which are not found. (bsc#960158)
   - Shorten hostname before checking for trailing dot. (bsc#965897)
   - Remove WorkingDirectory parameter from emergency, rescue and
     console-shell.service. (bsc#959886)
   - Don't ship boot.udev and systemd-journald.init anymore.
   - Revert "log: honour the kernel's quiet cmdline argument". (bsc#963230)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2016-791=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2016-791=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2016-791=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      libgudev-1_0-devel-210-70.48.1
      libudev-devel-210-70.48.1
      systemd-debuginfo-210-70.48.1
      systemd-debugsource-210-70.48.1
      systemd-devel-210-70.48.1
      typelib-1_0-GUdev-1_0-210-70.48.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      libgudev-1_0-0-210-70.48.1
      libgudev-1_0-0-debuginfo-210-70.48.1
      libudev1-210-70.48.1
      libudev1-debuginfo-210-70.48.1
      systemd-210-70.48.1
      systemd-debuginfo-210-70.48.1
      systemd-debugsource-210-70.48.1
      systemd-sysvinit-210-70.48.1
      udev-210-70.48.1
      udev-debuginfo-210-70.48.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      libgudev-1_0-0-32bit-210-70.48.1
      libgudev-1_0-0-debuginfo-32bit-210-70.48.1
      libudev1-32bit-210-70.48.1
      libudev1-debuginfo-32bit-210-70.48.1
      systemd-32bit-210-70.48.1
      systemd-debuginfo-32bit-210-70.48.1

   - SUSE Linux Enterprise Server 12 (noarch):

      systemd-bash-completion-210-70.48.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      libgudev-1_0-0-210-70.48.1
      libgudev-1_0-0-32bit-210-70.48.1
      libgudev-1_0-0-debuginfo-210-70.48.1
      libgudev-1_0-0-debuginfo-32bit-210-70.48.1
      libudev1-210-70.48.1
      libudev1-32bit-210-70.48.1
      libudev1-debuginfo-210-70.48.1
      libudev1-debuginfo-32bit-210-70.48.1
      systemd-210-70.48.1
      systemd-32bit-210-70.48.1
      systemd-debuginfo-210-70.48.1
      systemd-debuginfo-32bit-210-70.48.1
      systemd-debugsource-210-70.48.1
      systemd-sysvinit-210-70.48.1
      udev-210-70.48.1
      udev-debuginfo-210-70.48.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      systemd-bash-completion-210-70.48.1


References:

   https://www.suse.com/security/cve/CVE-2014-9770.html
   https://www.suse.com/security/cve/CVE-2015-8842.html
   https://bugzilla.suse.com/959886
   https://bugzilla.suse.com/960158
   https://bugzilla.suse.com/963230
   https://bugzilla.suse.com/965897
   https://bugzilla.suse.com/967122
   https://bugzilla.suse.com/970423
   https://bugzilla.suse.com/970860
   https://bugzilla.suse.com/972612
   https://bugzilla.suse.com/972727
   https://bugzilla.suse.com/973848
   https://bugzilla.suse.com/976766
   https://bugzilla.suse.com/978275

More information about the sle-security-updates mailing list